On Cisco Prime Collaboration Assurance Packet Capture & enabling Root access

As you may know, starting of version 10.6 of Prime Collaboration Assurance packet capture became quite tricky. It happened due to Cisco’s decision to disable Root access on the server. Fortunately, Cisco didn’t quite swallow the key.

Packet capture is definitely one of the best troubleshooting tools out there for Prime Collaboration Assurance, and while Cisco’s efforts to tighten up security on PCA are very legitimate, sometimes we have to find a way around it.
In order to capture packets on the Prime Collaboration Assurance server we would need to use the tcpdump command. Since tcpdump is a command that needs elevated privileges, we would need Root access to run it.
Having Root access to Prime Collaboration Assurance can be very handy.
For example, you can use SCP to transfer files to and from the server and conveniently browse logs, files and folders. But first things first.

The preparation: Enable root access in Prime Collaboration Assurance.

In order to enable root access follow the next procedure:

PCA/admin# root_enable
Password : ****
Password Again : ****

Root patch enabled

PCA/admin# root
Enter root patch password : ****
Starting root bash shell ...
ade #/opt/emms/emsam/bin/enableRoot.sh
currentpermitroot = PermitRootLogin no
Restarting the ssh service
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]
ade #
ade # passwd
Changing password for user root.
New UNIX password: ****
Retype new UNIX password: ****
passwd: all authentication tokens updated successfully.

That’s it. You can now login via SSH using root!!

The main dish: Prime Collaboration Assurance Packet Capture

root access lets you use all of the available Linux commands, so handle with care.

Tcpdump is a very flexible command and a lot can be done with it.
Here is an example:

To capture packets for a specific host:
tcpdump -s0 -w file.pcap host 10.1.1.1

Where:
-s0 : capture the whole packet, no matter the size.
Host 10.1.1.1 : capture packets from and to specific host.
Net 10.1.1.0/24 : capture packets from and to specific network.
-w file.pcap : save the capture to a file named file.pcap. You can skip it if you want the output on the screen.

You can find some more useful parameters here

The side dish

Once you have root access, there are several things you can do.
First of all, it’s nice to know that you can log in as root and still use your admin capabilities without having to log out and log in again.
Just type #su admin when logged in as root to enter admin mode.

Some other things you can do include:

Browsing logs and Directories

This can be done using SCP (secure copy) apps such as FileZilla or WinSCP
Simply enter the IP address with port 26 and use your root username and password to login.

Using local repository for upgrades

This is a great way to make the downtime during upgrades shorter. Simply copy the upgrade file to the server in advance and set the local disk as the repository.
For example:

admin# configure terminal
admin(config)# repository local
admin(config-Repository)# url disk:

This URL points to the localdisk folder under root, i.e. /root/localdisk/
You can verify that the file you want is actually in the repository by entering:
Admin#show repository local

Some desert

O.K, I know that now isn’t the best time to tell you that there might be an easier way to capture packets on Prime Collaboration Assurance, none the less, I am obliged to.
Actually, the only version that I know it to work with is 10.6, so chances are slim. If you are the curious type give it shot. Just enter the following URL and follow the crumbs.
https://<PCA_IP_address>/emsam/index.html#pageId=com_cisco_emsam_page_diag_links
Don’t forget to let me know how it went.

If you have any questions or ideas as to some useful things that can be done with Root access let us know in the comments below!

Leave a Reply

Your email address will not be published. Required fields are marked *